PatchSiren cyber security CVE debrief
CVE-2026-55249 rtk-ai CVE debrief
The @rtk-ai/rtk-rewrite OpenClaw plugin, version 1.0.0, is vulnerable to arbitrary OS command execution. The plugin fails to properly escape attacker-controlled input when passing it to a shell-backed execSync() template string. This allows an attacker to inject and execute arbitrary OS commands with the privileges of the plugin/gateway process. The vulnerability is rated as MEDIUM with a CVSS score of 6.3. The CVE was published on 2026-06-23T19:17:11.713Z and modified on 2026-06-25T20:13:08.180Z.
- Vendor: rtk-ai
- Product: rtk
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Developers and administrators using the @rtk-ai/rtk-rewrite OpenClaw plugin, version 1.0.0, should be aware of this vulnerability. The vulnerability can be exploited by an attacker who can influence the exec tool's command parameter, potentially through an LLM agent prompt or gateway/tool-calls input. Affected systems may be vulnerable to arbitrary OS command execution.
Technical summary
The @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync() template string without shell-safe escaping. JSON.stringify() is used to wrap the value in double quotes and escape inner double quotes and backslashes, but it leaves $() and backtick shell metacharacters untouched. Because execSync delegates execution to /bin/sh -c, the shell expands $(...) substitutions even inside double-quoted strings, so the injected subcommand executes before rtk is invoked.
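The failure mode described above, next to a shell-free alternative, as an added Node.js example that is not the plugin's own code. It assumes a POSIX host; `printf` stands in for the rtk binary, and the function names and the probe string are constructed for illustration.

```javascript
// Added example, not the plugin's code. `printf` stands in for the rtk
// binary (assumption) so this runs on a POSIX host without rtk installed.
const { execSync, execFileSync } = require('node:child_process');

// Build the command line the way the advisory describes: JSON.stringify()
// used as if it were shell quoting inside a template string.
function buildShellLine(command) {
  return `printf '%s' ${JSON.stringify(command)}`;
}

// Vulnerable pattern: execSync() hands the line to /bin/sh -c, and sh still
// expands $(...) and backticks inside the double quotes JSON.stringify() adds.
function rewriteViaShell(command) {
  return execSync(buildShellLine(command), { encoding: 'utf8' });
}

// Hardened pattern: no shell involved. The value is passed as one argv
// element, so shell metacharacters in it are never interpreted.
function rewriteViaArgv(command) {
  return execFileSync('printf', ['%s', command], { encoding: 'utf8' });
}

// Constructed, harmless probe: the substitution only echoes a marker word.
const probe = 'ls $(echo EXPANDED)';

function demo() {
  return {
    shellLine: buildShellLine(probe), // what /bin/sh actually receives
    viaShell: rewriteViaShell(probe), // marker shows the expansion happened
    viaArgv: rewriteViaArgv(probe),   // input comes back byte-for-byte
  };
}

console.log(demo());
```

If the value returned by the shell variant differs from the input, the shell interpreted part of it; the argv variant returns the input unchanged.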
Defensive priority
Give high priority to updating the @rtk-ai/rtk-rewrite OpenClaw plugin to a version that properly escapes attacker-controlled input. In the meantime, monitor for suspicious activity and implement compensating controls to limit the potential impact of an exploit.
Recommended defensive actions
- Update the @rtk-ai/rtk-rewrite OpenClaw plugin to a version that properly escapes attacker-controlled input.
- Implement input validation and sanitization for the exec tool's command parameter.
- Monitor for suspicious activity and implement compensating controls to limit the potential impact of an exploit.
- Consider using alternative plugins or tools that provide similar functionality with better security guarantees.
- Perform regular security audits and vulnerability assessments to identify potential vulnerabilities.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and severity. The source item URL provides additional information on the vulnerability, including references to security advisories.
Official resources
- CVE-2026-55249 CVE record (CVE.org)
- CVE-2026-55249 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
This article is AI-assisted and based on the supplied source corpus.